Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
10/10/2024, 01:17
General
-
Target
c1ac0a5f1f9f93f9f35cec761589df1489f5852ae820d9d7e1e88496df686454.exe
-
Size
70KB
-
MD5
fb7019ca69db86832cecfbc7e1207e11
-
SHA1
33d00efaf8038ab338bc11aa0ac3779bbd53e64b
-
SHA256
c1ac0a5f1f9f93f9f35cec761589df1489f5852ae820d9d7e1e88496df686454
-
SHA512
5bc085a1e77a4ce9dd79f42f88acf2dcfd854be9c6bc7f0484f245f2d43ead39da011feaa58307f68a30a4946f5f93e06bb539852345ed663498205bc8faaead
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AK:ymb3NkkiQ3mdBjFI46TQK
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 24 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 33 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c1ac0a5f1f9f93f9f35cec761589df1489f5852ae820d9d7e1e88496df686454.exe"C:\Users\Admin\AppData\Local\Temp\c1ac0a5f1f9f93f9f35cec761589df1489f5852ae820d9d7e1e88496df686454.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\nnhnnh.exec:\nnhnnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\1dppj.exec:\1dppj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\flxxlrx.exec:\flxxlrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lfxrrrx.exec:\lfxrrrx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhhhn.exec:\hbhhhn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jppdv.exec:\jppdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lllllxr.exec:\lllllxr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbnhbb.exec:\tbnhbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\3ddvd.exec:\3ddvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpdj.exec:\vvpdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fxxrllf.exec:\fxxrllf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\7bbtnh.exec:\7bbtnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jvpjj.exec:\jvpjj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pjpjp.exec:\pjpjp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5ffxlfx.exec:\5ffxlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btnhhb.exec:\btnhhb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htttht.exec:\htttht.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dvvdj.exec:\dvvdj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\jjjdd.exec:\jjjdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxrxfrf.exec:\xxrxfrf.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hbhbbt.exec:\hbhbbt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\tbtntn.exec:\tbtntn.exe23⤵
- Executes dropped EXE
-
\??\c:\jpjjd.exec:\jpjjd.exe24⤵
- Executes dropped EXE
-
\??\c:\3lrlffx.exec:\3lrlffx.exe25⤵
- Executes dropped EXE
-
\??\c:\tttnht.exec:\tttnht.exe26⤵
- Executes dropped EXE
-
\??\c:\ttnbbt.exec:\ttnbbt.exe27⤵
- Executes dropped EXE
-
\??\c:\pvvjp.exec:\pvvjp.exe28⤵
- Executes dropped EXE
-
\??\c:\xrxlxlf.exec:\xrxlxlf.exe29⤵
- Executes dropped EXE
-
\??\c:\1bbthh.exec:\1bbthh.exe30⤵
- Executes dropped EXE
-
\??\c:\bbthth.exec:\bbthth.exe31⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\7vpjp.exec:\7vpjp.exe32⤵
- Executes dropped EXE
-
\??\c:\dpjdp.exec:\dpjdp.exe33⤵
- Executes dropped EXE
-
\??\c:\3ffffff.exec:\3ffffff.exe34⤵
- Executes dropped EXE
-
\??\c:\thbtth.exec:\thbtth.exe35⤵
- Executes dropped EXE
-
\??\c:\3nhthh.exec:\3nhthh.exe36⤵
- Executes dropped EXE
-
\??\c:\jddvj.exec:\jddvj.exe37⤵
- Executes dropped EXE
-
\??\c:\jdpjp.exec:\jdpjp.exe38⤵
- Executes dropped EXE
-
\??\c:\frrlrlf.exec:\frrlrlf.exe39⤵
- Executes dropped EXE
-
\??\c:\rlxrrfr.exec:\rlxrrfr.exe40⤵
- Executes dropped EXE
-
\??\c:\fflfxrf.exec:\fflfxrf.exe41⤵
- Executes dropped EXE
-
\??\c:\btnhhn.exec:\btnhhn.exe42⤵
- Executes dropped EXE
-
\??\c:\pjjdd.exec:\pjjdd.exe43⤵
- Executes dropped EXE
-
\??\c:\jvvjd.exec:\jvvjd.exe44⤵
- Executes dropped EXE
-
\??\c:\fllxrfr.exec:\fllxrfr.exe45⤵
- Executes dropped EXE
-
\??\c:\1rlrfxx.exec:\1rlrfxx.exe46⤵
- Executes dropped EXE
-
\??\c:\hnbnbt.exec:\hnbnbt.exe47⤵
- Executes dropped EXE
-
\??\c:\bhhhbb.exec:\bhhhbb.exe48⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
\??\c:\pjvjv.exec:\pjvjv.exe49⤵
- Executes dropped EXE
-
\??\c:\xffrlfx.exec:\xffrlfx.exe50⤵
- Executes dropped EXE
-
\??\c:\lllxrlx.exec:\lllxrlx.exe51⤵
- Executes dropped EXE
-
\??\c:\nnbtnn.exec:\nnbtnn.exe52⤵
- Executes dropped EXE
-
\??\c:\btnbtn.exec:\btnbtn.exe53⤵
- Executes dropped EXE
-
\??\c:\3ddpv.exec:\3ddpv.exe54⤵
- Executes dropped EXE
-
\??\c:\pdpdp.exec:\pdpdp.exe55⤵
- Executes dropped EXE
-
\??\c:\9fxrfxr.exec:\9fxrfxr.exe56⤵
- Executes dropped EXE
-
\??\c:\5xxrffr.exec:\5xxrffr.exe57⤵
- Executes dropped EXE
-
\??\c:\bnhttn.exec:\bnhttn.exe58⤵
- Executes dropped EXE
-
\??\c:\jjjdp.exec:\jjjdp.exe59⤵
- Executes dropped EXE
-
\??\c:\7vvpd.exec:\7vvpd.exe60⤵
- Executes dropped EXE
-
\??\c:\xlflxfx.exec:\xlflxfx.exe61⤵
- Executes dropped EXE
-
\??\c:\bbnbbb.exec:\bbnbbb.exe62⤵
- Executes dropped EXE
-
\??\c:\nhhnbt.exec:\nhhnbt.exe63⤵
- Executes dropped EXE
-
\??\c:\xlfrlfr.exec:\xlfrlfr.exe64⤵
- Executes dropped EXE
-
\??\c:\fllfrlf.exec:\fllfrlf.exe65⤵
- Executes dropped EXE
-
\??\c:\tthhtn.exec:\tthhtn.exe66⤵
-
\??\c:\nhhnnt.exec:\nhhnnt.exe67⤵
-
\??\c:\3vpdp.exec:\3vpdp.exe68⤵
-
\??\c:\flfrfxl.exec:\flfrfxl.exe69⤵
-
\??\c:\1rrlxrl.exec:\1rrlxrl.exe70⤵
-
\??\c:\flrxfrr.exec:\flrxfrr.exe71⤵
-
\??\c:\tbtbht.exec:\tbtbht.exe72⤵
-
\??\c:\jvvpd.exec:\jvvpd.exe73⤵
- System Location Discovery: System Language Discovery
-
\??\c:\pppjv.exec:\pppjv.exe74⤵
-
\??\c:\rllxfxf.exec:\rllxfxf.exe75⤵
-
\??\c:\bhntth.exec:\bhntth.exe76⤵
-
\??\c:\9hhttn.exec:\9hhttn.exe77⤵
-
\??\c:\vvvjp.exec:\vvvjp.exe78⤵
-
\??\c:\lxrfxll.exec:\lxrfxll.exe79⤵
-
\??\c:\flxrrfr.exec:\flxrrfr.exe80⤵
-
\??\c:\7nbtbt.exec:\7nbtbt.exe81⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe82⤵
-
\??\c:\5jvvj.exec:\5jvvj.exe83⤵
-
\??\c:\lxrlrxr.exec:\lxrlrxr.exe84⤵
-
\??\c:\7rrfrlx.exec:\7rrfrlx.exe85⤵
-
\??\c:\nttnbt.exec:\nttnbt.exe86⤵
-
\??\c:\hhnbth.exec:\hhnbth.exe87⤵
-
\??\c:\jvpdp.exec:\jvpdp.exe88⤵
-
\??\c:\djdpd.exec:\djdpd.exe89⤵
-
\??\c:\3lrlxxr.exec:\3lrlxxr.exe90⤵
-
\??\c:\nhbnbt.exec:\nhbnbt.exe91⤵
-
\??\c:\ththhb.exec:\ththhb.exe92⤵
-
\??\c:\dvpjp.exec:\dvpjp.exe93⤵
-
\??\c:\vdvvp.exec:\vdvvp.exe94⤵
-
\??\c:\rxxrxrr.exec:\rxxrxrr.exe95⤵
-
\??\c:\fxxrrlf.exec:\fxxrrlf.exe96⤵
-
\??\c:\nbthth.exec:\nbthth.exe97⤵
-
\??\c:\nttntn.exec:\nttntn.exe98⤵
-
\??\c:\pjjvj.exec:\pjjvj.exe99⤵
-
\??\c:\jjddv.exec:\jjddv.exe100⤵
-
\??\c:\ffrfxrf.exec:\ffrfxrf.exe101⤵
-
\??\c:\llxxxff.exec:\llxxxff.exe102⤵
-
\??\c:\tttnhb.exec:\tttnhb.exe103⤵
-
\??\c:\ppvpd.exec:\ppvpd.exe104⤵
-
\??\c:\rfxlfxr.exec:\rfxlfxr.exe105⤵
-
\??\c:\1lrllfl.exec:\1lrllfl.exe106⤵
-
\??\c:\bhthnb.exec:\bhthnb.exe107⤵
-
\??\c:\jdvvv.exec:\jdvvv.exe108⤵
-
\??\c:\1ddvd.exec:\1ddvd.exe109⤵
-
\??\c:\rxxrrlf.exec:\rxxrrlf.exe110⤵
-
\??\c:\ttbbhb.exec:\ttbbhb.exe111⤵
-
\??\c:\hbnhtb.exec:\hbnhtb.exe112⤵
-
\??\c:\dvppj.exec:\dvppj.exe113⤵
-
\??\c:\vpjdd.exec:\vpjdd.exe114⤵
-
\??\c:\xrrrllx.exec:\xrrrllx.exe115⤵
-
\??\c:\fllrrll.exec:\fllrrll.exe116⤵
-
\??\c:\1ttnhh.exec:\1ttnhh.exe117⤵
-
\??\c:\nhbnnh.exec:\nhbnnh.exe118⤵
-
\??\c:\jjppd.exec:\jjppd.exe119⤵
-
\??\c:\dpvvj.exec:\dpvvj.exe120⤵
-
\??\c:\rfflrfl.exec:\rfflrfl.exe121⤵
- System Location Discovery: System Language Discovery
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-